General
Target: 3ec678c95b7ed5e850ce0fa51ed9eb43986be2f1f6e5ee944c10d0952db2e6a4
Size: 3.8MB
Sample: 230129-xt4dssad37
MD5: 717b5065e125fa1d1894a091501e639a
SHA1: afa39b1330c398a63cc9f29d4def482f5b2f3beb
SHA256: 3ec678c95b7ed5e850ce0fa51ed9eb43986be2f1f6e5ee944c10d0952db2e6a4
SHA512: a3788919efd4fe37e395a3bceadb1233e985bfa3d3cb692ad6873a9ea8c60db0bc4f984e98b93d35c2fdad87a2d2a9f33a3d45d04a00217dd240564ad247bf18
SSDEEP: 98304:xyz9nyR+RjXX6v+L6qL6LPQs9wlVKtwL4P66hO:cz9yR+RjXKmLisselVR4P/O
Static task: static1
Behavioral task: behavioral1
Sample: 3ec678c95b7ed5e850ce0fa51ed9eb43986be2f1f6e5ee944c10d0952db2e6a4.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 3ec678c95b7ed5e850ce0fa51ed9eb43986be2f1f6e5ee944c10d0952db2e6a4.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted: metasploit (windows/single_exec)
Targets
Target: 3ec678c95b7ed5e850ce0fa51ed9eb43986be2f1f6e5ee944c10d0952db2e6a4
- Glupteba payload
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
- Possible attempt to disable PatchGuard: Rootkits can use kernel patching to embed themselves in an operating system.
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory